Login.php hangs in a loop

In my my_include file I have


$dbservername = "localhost";
$dbusername = "my_username";
$dbpassword = "my_password";
$dbname = "my_dbase2";

$conn = mysqli_connect($dbservername,$dbusername,$dbpassword,$dbname);

in my public html called login.phpI have

include_once 'includes/my_include.php';  


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />

$sql = "select user,password from admin2;";
$result = mysqli_query($conn,$sql);
$resultcheck = mysqli_num_rows($result); //check to see if any rows of data was produced

if ($resultcheck >0 ) {
while ($row = mysqli_num_rows($result)) {
echo $row['user'] . "<br>";



The login.php hangs in a loop with no reference to whether a connection was actually made.

You don’t need to loop a login in as you just query your information that you want. Here’s an example:

    /* Setup the Query for reading in login data from database table */
        $query = 'SELECT id, password FROM users WHERE username=:username';

        $stmt = $pdo->prepare($query); // Prepare the query:
        $stmt->execute([':username' => $username]); // Execute the query with the supplied user's emaile:

        $result = $stmt->fetch(PDO::FETCH_OBJ); // Fetch the User 

I use PDO (my recommendation) instead of mysqli, but the principal is the same.

When you say “hangs in a loop”, what are you actually seeing? Infinite loading scroller? An error? From the line below, I’m guessing you’re seeing infinite errors:

while ($row = mysqli_num_rows($result)) {

mysqli_num_rows will return the number of rows in the result every time it is called. This means, if there are results in the query, $rows will always be a number greater than one. PHP is casting this to true for the while check, meaning your while loop is looping forever.

You probably want mysqli_fetch_assoc:

while ($row = mysqli_fetch_assoc($result)) {

Why would you loop a login especially if it calls for a password?

1 Like

NO! A login is no place for a loop.

OP hasn’t mentioned building a login page; that’s just the name of the file. I’m guessing they’re working up to creating a login script, and are trying to get the database interaction straight in their head first.

The ONLY time you would select a user and password is for a login.

Ok yeh, I wasn’t clear; I meant they’re not trying to create the final login page here. The SQL is trying to get all users, and the loop is trying to print all of them out. This is just an attempt to get anything from the database to the screen.

Thanks it worked. I have another question. I have an input page that will be used to get into the login.php previously mentioned.

<title> Login Form</title>
<H1> Login Form</H1>
<p><strong>All who enter the page agree to keep all information confidential</strong></p>
<FORM METHOD="POST" ACTION="authorize1.php">
<INPUT TYPE="text" NAME="user"></p>
<INPUT TYPE="password" NAME="password"></p>
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P>

In the previously mentioned login.php I added at the top of logn.php

if ((!$_POST['user']) || (!$_POST['password'])) {

  header("Location: authorize.php");   //header("Location: auth1.php");




The idea is to input user and password and if successful we get into login.php. The issue is I can get into login.php regardless of what user and password. Any changes needed to make this work??

Yes, lots. You’d need to actually grab the submitted username and password, hash the password, and filter by those parameters when running your SELECT against the db. I think you’re missing some fundamentals about how this would work. Have you been following a tutorial?

Correct I have been following a tutorial. I am fairly new to the php. I did build the interface using mysql when we were on lower versions of php a few years ago and it was working. Once it was upgraded to 7.4 mysql had to be changed to mysqli which I did do at first. I have not been able to get the code to work so I started over with new code from a tutorial. Thanks for the help you provided so far. I am trying to do the following; 1. Initial login page using the user and password (I already created the mysql page with the actual users and has password 2. If the user and password matches the mysql page it alows entry into the authorize page 3. I then want to display in table format the records from the mysql database (already created). I have been experimenting with different online tutorials. At this point I am trying to find template that will accomplish the 3 items I listed. If you know of a page reference feel free to share but thanks for your help just the same

@Adrian when posting code add bbcode code tags [code]...[/code] around it. These have been added for you up to this point.

Changing the database extension that code uses doesn’t change the program logic that the code is using to accomplish a task. Unfortunately, following along with information you find on the web has two major problems - 1) a lot of the information is out of date, is filled with unnecessary things that don’t add any value, and are missing useful things that would get code to work or to tell you why it doesn’t work, and 2) repoducing things you see isn’t teaching you the meaning of what you are doing, so when it doesn’t work, you have no idea how to troubleshoot it.

Logging in, i.e. authenticating who someone is, involves comparing two pieces of information that only they know, which were previously stored in a database table when they registered, e.g. a user identifier, such as a username or an email address, and a password, with a hash of that password stored in the database table. To authenticate who someone is, you would query the database table to find the row matching the first piece of user information (username/email), retrieve the row and test if the submitted password matches the saved password hash. When authentication is successful, you ‘remember’ who the logged in user is by sorting the user’s id (auto-increment integer primary index from the users table) in a session variable. You then test for the existence of this session variable on any page to determine if the visitor is logged in. Any login form and form processing code should be on the same page as this results in the simplest logic and the best User eXperience (UX.)

Does your current login system do all of the above? Any tutorial you find should do these things and more, such as detecting if a post method form has been submitted before accessing the form data, trimming all data before using it, validating all inputs separately, setting up a unique and helpful error message for each validation test that doesn’t pass, displaying the validation errors when the form is redisplayed, and re-populate the appropriate form field values with the previously summitted data so that user doesn’t need to keep reentering the same values over and over.

This is a decent list of stuff you need to be looking at. If you’re new to PHP it may be worth looking at a simpler CRUD application such as a personal todo list to start with. Once you understand the basics, you can start exploring the extra requirements of application security that you’d need to understand before building a robust login system.

Sponsor our Newsletter | Privacy Policy | Terms of Service